在我问了关于使用JSF、Hibernate和Tomcat的web应用程序的授权和身份验证的问题后,我开发了一些代码,我相信我已经非常接近这个解决方案了。
首先,我使用Eclipse和Apache Tomcat,用Java EE、JSF、Hibernate、MySQL编写Web应用程序。我不使用Spring、EJB等;容器管理认证";。我分享了该项目的一些代码部分他们有标准的简单代码来开发SERVLET登录。当你看着它们的时候,你会很容易理解的
POJO类;
public class User {
// Primary Key
private int USER_ID;
private String USER_NAME;
private String PASSWORD;
private String FIRST_NAME;
private String LAST_NAME;
...
public User(String uSER_NAME, String pASSWORD, String fIRST_NAME,
String lAST_NAME, ...) {
super();
USER_NAME = uSER_NAME;
PASSWORD = pASSWORD;
FIRST_NAME = fIRST_NAME;
...
}
/**
* Default empty constructor needed for hibernate entity
*/
public User() {
super();
// TODO Auto-generated constructor stub
}
/**
* Getters and setters
*/
...
...
}
public class UserGroup {
// Primary Key
private int USER_GROUP_ID;
// Reference for User table - foreign key
private Set<User> USERS;
private String USER_GROUP_NAME;
private boolean ADMINISTRATOR_SCR;
private boolean USER_SCR;
private boolean PLANNING_SCR;
...
public UserGroup(Set<User> uSERS, String uSER_GROUP_NAME,
boolean aDMINISTRATOR_SCR, boolean uSER_SCR, boolean pLANNING_SCR,
...) {
super();
USERS = uSERS;
USER_GROUP_NAME = uSER_GROUP_NAME;
ADMINISTRATOR_SCR = aDMINISTRATOR_SCR;
...
}
/**
* Default empty constructor needed for hibernate entity
*/
public UserGroup() {
// TODO Auto-generated constructor stub
}
/**
* Getters and setters
*/
...
...
}
Hibernate映射文件;
<hibernate-mapping>
<class name="folder.User" table="USER">
<id name="USER_ID" type="int">
<column name="USER_ID" />
<generator class="native" />
</id>
<property name="USER_NAME" type="java.lang.String">
<column name="USER_NAME" />
</property>
<property name="PASSWORD" type="java.lang.String">
<column name="PASSWORD" />
</property>
<property name="FIRST_NAME" type="java.lang.String">
<column name="FIRST_NAME" />
</property>
<property name="LAST_NAME" type="java.lang.String">
<column name="LAST_NAME" />
...
</class>
</hibernate-mapping>
<hibernate-mapping>
<class name="folder.UserGroup" table="USERGROUP">
<id name="USER_GROUP_ID" type="int">
<column name="USER_GROUP_ID" />
<generator class="native" />
</id>
<set name="USERS" table="USER" inverse="false" lazy="true" cascade="all">
<key>
<column name="USER_GROUP_ID" />
</key>
<one-to-many class="folder.User" />
</set>
<property name="USER_GROUP_NAME" type="java.lang.String">
<column name="USER_GROUP_NAME" />
</property>
<property name="ADMINISTRATOR_SCR" type="boolean">
<column name="ADMINISTRATOR_SCR" />
</property>
<property name="USER_SCR" type="boolean">
<column name="USER_SCR" />
</property>
...
</class>
</hibernate-mapping>
web.xml配置;
<security-constraint>
<display-name>Restricted</display-name>
<web-resource-collection>
<web-resource-name>Restricted Area</web-resource-name>
<url-pattern>/authorized/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/login.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
server.xml tomcat配置;
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/authentication_db"
connectionName="..." connectionPassword="..."
userTable="user" userNameCol="USER_NAME" userCredCol="PASSWORD"
userRoleTable="usergroup" roleNameCol="USER_GROUP_NAME" />
最后,登录功能;
public String login(){
HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
try {
//Login via the Servlet Context
request.login(getLoginName(), getLoginPass());
return "success";
} catch (ServletException e) {
FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "Invalid Login", null));
e.printStackTrace();
}
return "failure";
}
在我将记录放在User表和UserGroup上并运行应用程序后,它看起来工作正常。然而,我得到了这个错误;
2014年2月16日下午4:38:48 org.apache.catalina.realm.JDBCRealm getRoles
严重:执行身份验证时出现异常
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:未知"where子句"中的列"USER_NAME"
在sun.reflect.NativeConstructorAccessorImpl.newInstance0(本机方法)
位于sun.reflect.NativeConstructorAccessorImpl.newInstance(未知来源)
在sun.reflect.DelegatingConstructorAccessorImpl.newInstance(未知来源)……
请帮帮我!
编辑:
MySQL表定义:
表:用户
列:
USER_ID int(11)AI PK
USER_NAME varchar(255)
密码varchar(255)
FIRST_NAME varchar(255)
LAST_NAME varchar(255)
电子邮件varchar(255)
USER_GROUP_ID int(11)FK(用户组表->USER_GROUP_ID)
表:用户组
列:
USER_GROUP_ID int(11)AI PK
用户组名称varchar(255)
ADMINISTRATOR_SCR位(1)
USER_SCR位(1)
PLANNING_SCR位(1)。。。
我解决了这个问题。问题是关于JDBCRealm数据格式。JDBCRealm是Tomcat6Realm接口的一个实现,它在通过JDBC驱动程序访问的关系数据库中查找用户。我必须以特殊格式创建用户和用户组表才能使用JDBCRealm。要查看此配置,请访问Apache Tomcat网站的页面-https://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html.